Embedding permissions


#1

Are only admins allowed to embed questions and dashboards in other applications? My admin has turned on embedding in the admin options as per this user guide on embedding. However I still don’t see the “share” icon that would allow me to embed. He does though. Do I really need admin permissions to embed questions/dashboards?? That doesn’t seem right, but we haven’t been able to find a setting that would grant me permissions to embed questions/dashboards without making me an admin.


#2

It is admin only:
image


#3

This is the screenshot for public sharing, not embedding.


#4

And here’s the one for embedding:
image

Still admin only


#5

Ahh great thank you. Any idea why it would be admin only? Feels like there is no security benefit to this being admin-only, since all that’s happening when a card is embedded is including in an iframe. So presumably nobody can see it who wouldn’t be able to see it already by going directly to metabase. Possible I’m missing some attack vectors/use cases though.


#6

The security isn’t that granular (yet?), so all the groups really do is define who can see what in the database. If everyone could embed, there would be a potential security problem of showing data to external users without permission.
Someone will probably be along shortly to point out that it’s on the todo list!